
2184 matches found

OSV
added 2024/09/04 10:15 p.m. | 2 views

AZL-48665 CVE-2024-20506 affecting package clamav for versions less than 1.0.7-1

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | AI score 5.7 | EPSS 0.00318
Exploits: 0 | References: 1

OSV
added 2024/09/04 10:15 p.m. | 6 views

DEBIAN-CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | AI score 6.1 | EPSS 0.00318
Exploits: 0 | References: 1

NVD
added 2024/09/04 10:15 p.m. | 12 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | EPSS 0.00318
Exploits: 0 | References: 2

UbuntuCve
added 2024/09/04 10:15 p.m. | 15 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | AI score 6.5 | EPSS 0.00318
Exploits: 0 | References: 4

OSV
added 2024/09/04 10:15 p.m. | 1 view

UBUNTU-CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | AI score 6.5 | EPSS 0.00318
Exploits: 0 | References: 5

Cvelist
added 2024/09/04 9:28 p.m. | 20 views

CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | EPSS 0.00318
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/04 9:28 p.m. | 20 views

CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | AI score 6.6 | EPSS 0.00318
Exploits: 0 | References: 1

CVE
added 2024/09/04 9:28 p.m. | 323 views

CVE-2024-20506

CVE-2024-20506 affects ClamAV ClamD logging: an authenticated local attacker could cause corruption of privileged system files by replacing the ClamD log with a symlink and restarting clamd. Reports cover multiple branches and versions (e.g., 1.4.0, 1.3.2 and older 1.2.x, 1.0.6 and older; 0.x lin...

CVSS 6.1 | AI score 6.5 | EPSS 0.00318
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2024/09/04 9:28 p.m. | 11 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | AI score 6.6 | EPSS 0.00318
Exploits: 0

Debian CVE
added 2024/09/04 9:28 p.m. | 12 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

CVSS 6.1 | AI score 6.1 | EPSS 0.00318
Exploits: 0

CVE
added 2024/08/30 12:28 a.m. | 47 views

CVE-2024-8234

The CVE-2024-8234 entry describes a command injection vulnerability in Zyxel NWA1100-N firmware 1.00(AACE.1)C0 affecting the functions formSysCmd(), formUpgradeCert(), and formDelcert(). The underlying issue allows an unauthenticated attacker to run OS commands and access system files, with CVSS ...

CVSS 9.8 | AI score 8.1 | EPSS 0.04392
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2024/08/29 12:0 a.m. | 4 views

PT-2024-38883 · Zyxel · Zyxel Nwa1100-N

Name of the Vulnerable Software and Affected Versions: Zyxel NWA1100-N version 1.00AACE.1C0 Description: A command injection vulnerability in the functions formSysCmd, formUpgradeCert, and formDelcert could allow an unauthenticated attacker to execute some OS commands to access system files on an...

CVSS 9.8 | AI score 8.6 | EPSS 0.04392
Exploits: 1 | References: 11

Cvelist
added 2024/08/28 4:30 p.m. | 28 views

CVE-2024-7744 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server

In WSFTP Server versions before 8.8.8 2022.0.8, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has...

CVSS 6.5 | EPSS 0.00688
Exploits: 0 | References: 2

OSV
added 2024/08/27 1:15 p.m. | 3 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

CVSS 8.8 | AI score 5.8 | EPSS 0.00611
Exploits: 0 | References: 1

NVD
added 2024/08/27 1:15 p.m. | 19 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

CVSS 9.9 | EPSS 0.00611
Exploits: 0 | References: 1

CNNVD
added 2024/08/27 12:0 a.m. | 6 views

Hitachi Energy MicroSCADA X SYS600 Parameter Injection Vulnerability

Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. The Hitachi Energy MicroSCADA X SYS600 suffers from a paramet...

CVSS 9.9 | AI score 9 | EPSS 0.00611
Exploits: 0 | References: 2

Positive Technologies
added 2024/08/27 12:0 a.m. | 2 views

PT-2024-28675 · Unknown · Microscada Pro/X Sys600

Name of the Vulnerable Software and Affected Versions: MicroSCADA Pro/X SYS600 affected versions not specified Description: The product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited, this issue allows the attack...

CVSS 9.9 | AI score 9 | EPSS 0.00611
Exploits: 0 | References: 15

Cvelist
added 2024/08/22 8:54 p.m. | 21 views

CVE-2023-7260 A path traversal vulnerability has been discovered in OpenText™ CX-E Voice.

Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all versions through 22.4. The vulnerability could allow arbitrary access to files on the system...

CVSS 6.9 | EPSS 0.00519
Exploits: 0 | References: 1

Microsoft CVE
added 2024/08/07 7:0 a.m. | 54 views

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Summary: As of July 10, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...

CVSS 6.7 | AI score 6.7 | EPSS 0.01559
Exploits: 0

CVE
added 2024/07/24 12:0 a.m. | 127 views

CVE-2024-40422

CVE-2024-40422 concerns path traversal in the Devika v1 snapshot API. Affected: stitionai devika version v1, endpoint /api/get-browser-snapshot. Root cause: manipulation of the snapshot_path parameter lets an attacker traverse directories and access sensitive server files, enabling confidentialit...

CVSS 9.1 | AI score 6.4 | EPSS 0.11414
Exploits: 6 | References: 4 | Affected Software: 1